Microsoft Security Risk Detection

Established: January 1, 2015

Overview

The Microsoft Security Risk Detection Service (MSRD) was discontinued effective June 25, 2020. This service from Microsoft Research provided users with a premium software testing experience, searching for vulnerabilities in native code with the power of MSR’s Scalable Automated Guided Execution (SAGE) tool. As the security industry shifts from gate-driven audits by professional testers to automated testing by developers, we’re also shifting our approach to open source. In ISOCpp’s 2020 annual survey, 37% of developers are now using sanitizers and fuzzing in concert in a continuous deploy setup. Modern fuzzing is driven by open source sanitizers that bake instrumentation and test case generation into software at compile time; Microsoft will adopt this paradigm.

Microsoft Research has replaced the MSRD fuzzing service with an open source, self-hosted developer fuzzing platform for Azure. OneFuzz is currently being developed and tested in partnership with many of Microsoft’s core product teams. This fuzzing platform integrates sanitizers and allows for adaptive, learning fuzz tests built into CI/CD pipelines that grow over time with software projects. OneFuzz was released as open source on GitHub in 2020 in collaboration with partners to bring Azure-powered fuzzing to developers everywhere.
